FIDO Alliance Creates New Onboarding Standard To Secure Internet of Things (IoT)
April 2021 by Marc Jacob
The FIDO Alliance announced the launch of the FIDO Device Onboard (FDO) protocol, a new, open IoT standard that enables devices to simply and securely onboard to cloud and on-premise management platforms. Through this standard, the FIDO Alliance addresses challenges of security, cost and complexity tied to IoT device deployment at scale. FIDO Device Onboard furthers the fundamental vision of the Alliance, which has brought together 250+ of the most influential and innovative companies and government agencies from around the world to address cyber security in order to eliminate data breaches and enable secure online experiences.
IDC expects the IoT market to maintain a double-digit annual growth rate and surpass the $1 trillion mark in 2022. Despite this projected growth, a recent survey of both providers and enterprise users has found that a majority of businesses have serious concerns about breaches to their infrastructures. Of the 170 IoT leaders surveyed, 85% say security concerns remain a major barrier to IoT adoption. Almost two-thirds (64%) of respondents stated that end-to-end IoT security is their top short-term priority, surpassing edge compute (55%), artificial intelligence (AI)/machine learning (50%) and 5G deployments (28%).
The FIDO Alliance’s FDO specification for IoT was collaboratively developed to solve the issue of IoT security in onboarding – just as it has done with its FIDO authentication standards to help address the global data breach problem. The FDO specification has reached Proposed Standard status and is open and free to implement. Initially, the specification is targeted at industrial and commercial applications. Developers can view and download the specification at https://fidoalliance.org/specificat...
“The FIDO Device Onboard standard released today builds on the Alliance’s ongoing efforts to help close the security gaps that currently exist on the web, by expanding this work into IoT applications,” said Andrew Shikiar, executive director and CMO of the FIDO Alliance. “Businesses recognize the huge potential of the IoT and the enormous benefits it can bring to manufacturing, retail, healthcare, transportation, logistics and more. The paradigm needs to shift immediately so we can move IoT technologies ahead with safer, stronger and more secure means of authentication for these important uses in industrial and commercial environments.”
A Standard for Fast, Secure IoT Device Onboarding
FDO is an automated onboarding protocol for IoT devices, leveraging asymmetric public key cryptography to provide the industrial IoT industry with a fast and secure way to onboard any device to any device management system.
The business benefits from the FIDO Device Onboard standard include:
• Simplicity – Businesses no longer have to pay more for the lengthy and highly technical installation process than they do for the devices themselves. The highly automated FDO process can be carried out by people of any level of experience quickly and efficiently.
• Flexibility – Businesses can decide which cloud platforms they want to onboard devices to at the point of installation (as opposed to manufacture). A single device SKU can be onboarded to any platform, thereby greatly simplifying the device supply chain.
• Security – FDO leverages an “untrusted installer” approach, which means the installer no longer needs – nor do they have access to – any sensitive infrastructure/access control information to add a device to a network.
“This is a major milestone that aims to solve one of today’s critical challenges with deploying IoT systems. The new FDO standard will help reduce cost, save time and improve security, all helping the IoT industry to expand rapidly,” said Christine Boles, Vice President, Internet of Things Group and General Manager, Industrial Solutions Division at Intel. “Implementation of the FDO standard will enable businesses to truly take advantage of the full IoT opportunity by replacing the current manual onboarding process with an automated, highly secure industry solution.”
This is the latest FIDO Alliance initiative in its mission to reduce the world’s reliance on passwords with simpler, stronger authentication that prevents scalable attacks and account takeovers. FIDO Device Onboard was developed through the work of the Alliance’s IoT Technical Working Group, led by co-chairs Richard Kerslake (Intel) and Giridhar Mandyam (Qualcomm) and vice chair Geof Cooper (Intel). Additional companies with specification editors include Arm, Amazon Web Services (AWS), Google and Microsoft.
The FIDO Alliance and IoT TWG will be hosting a webinar on May 7th to review the FIDO Device Onboard standard, use cases and upcoming certification processes. For more information and to register: https://fidoalliance.org/event/secu....
For an introduction to FIDO Device Onboard, read the paper at https://fidoalliance.org/intro-to-f....
Comments about FDO from IoT Industry Stakeholders
“As the IoT rapidly expands, the security of devices cannot be optional and a strong foundational root of trust is essential. Arm is dedicated to driving standards in security through initiatives such as PSA Certified, and welcomes further ecosystem collaboration for the advancement of secure, robust solutions that enable innovation. The FDO specification will enable device makers to deploy, onboard and manage secure IoT devices faster at a lower cost, helping scale IoT across both industrial and consumer use cases.” — Mohamed Awad, vice president, IoT Business at Arm
“FDO is a revolutionary standard, leveraged by BT’s Zero Touch Onboarding (ZTO), which can address a critical need for the IoT, Edge Compute and 5G industries and help them to scale up securely and fully automated, from the manufacturer to the consumer, from the device to edge, and from edge to the cloud.” — Dr Mohammad Zoualfaghari, Research Manager and IoT Architect at BT
“We are delighted to be part of the IoT TWG and will be supporting the FIDO device onboarding (FDO) specification. Originally, we worked closely with Intel SDO and adopted this approach to our IoT security platform, KeyScaler. Now that FIDO has developed a new enhanced standard, we will also be supporting FDO in our KeyScaler platform. Current and future customers will be able to leverage FDO in their IoT projects.” — Darron Antill, CEO of Device Authority
“The work the FIDO Alliance is doing to address phishing by closing security gaps on the web would not be possible without industry collaboration and standardization. It’s a natural fit for the FIDO Alliance to use these same tools to address the threats against IoT infrastructure. As a board member of the FIDO Alliance since its earliest days, Google is proud to have contributed to this new standardization effort to better secure IoT.” — Dave Kleidermacher, VP, Android Security & Privacy, Google
“The Open Horizon project wanted a simple solution to zero-touch provisioning that would have wide support from hardware manufacturers, maximum flexibility, and a staged approach. The FDO specification from the FIDO Alliance certainly meets those requirements. After implementing and shipping support in Open Horizon, we’re pleased with the results and with the feedback we’ve received from those using it in the field. We’re looking forward to implementing FDO in our Smart Agriculture SIG’s use cases, and in the Open Retail Reference Architecture.” — Joe Pearson, Technology Strategist, IBM Cloud and Technical Steering Committee Chair, Open Horizon project
“We are delighted that the FDO protocol is built with security in mind as it enables FDO based systems to store the private key secrets and device credentials in a Trusted Platform Module. TPM is a widely accepted and used technology that creates trust in manufacturing and supply chain. It is a major contribution towards the acceleration of IoT device deployment.” — Jürgen Rebel, Senior Vice President and General Manager Embedded Security at Infineon Technologies
“Today’s announcement is a significant leap forward in enabling secure device deployments at scale. By creating the standard and open source reference implementation in parallel, the FIDO Alliance has delivered an IoT standard which is proven to be secure, significantly lowers the cost of onboarding and speeds time to market.” — Francois Ozog, Director of Linaro’s Edge and Fog Computing Group
“LoginID continues to support the FIDO standard and its emergence as the de facto global method for authentication. As part of our API strategy of providing the easiest way to integrate FIDO, LoginID will be deploying FDO as a part of our platform in 2021. We look forward to collaborating further with other enterprises on this initiative.” — Simon Law, CEO, LoginID
“We are thrilled to see the FIDO Alliance address such a critical piece of the IoT device lifecycle. Device onboarding through a standardized protocol like FDO simplifies device set-up by abstracting the underlying complexities of the hardware, which will accelerate the adoption of IoT in industry.” — Sam George, VP of IoT, Microsoft Azure
“The demand for automatic onboarding, traceability and updating of assets is growing, and manufacturers are challenged to rapidly identify and replace defective devices before they disrupt operations. Integrating FDO into our IAS4.0 platform will prove invaluable in informing our roadmap for the future of industrial automation and Molex’s broad portfolio of industry-leading connectivity solutions.” — Riky Comini, Senior Director of Industrial Automation, Molex
“The FIDO Alliance has set the standards for secure user to device authentication which has gained broad acceptance and adoption worldwide. With their release of these new standards for IoT we now have equally robust standards to support the challenges associated with secure device onboarding.” — Phil Dunkelberger, CEO, Nok Nok
“FIDO is simply the most effective way to eliminate both ID theft and unessential password reuse. The Rakuten security team is fully committed to transitioning from traditional authentication methods to a world where passwords aren’t required. This mission is critical if we wish to achieve a truly secure internet for society. This is another important milestone on the way to Internet World Peace.” — Yoshinari Fukumoto, General Manager of Cyber Security Defense Department, Rakuten Group, Inc.
“By promoting the FIDO Device Onboard (FDO) Specification to Proposed Standard, FIDO Alliance is demonstrating its active commitment in deploying its authentication standards to new fields. The FDO specification will pave the way for secure interactions between devices and IoT platforms. As a board member of the FIDO Alliance, RaonSecure is delighted to support the FIDO Alliance in this important progress, enhancing security in IoT environments.” — Soonhyung Lee, CEO, RaonSecure
“SecurID, an RSA business, congratulates FIDO and the identity community for completing the FDO spec, a critical milestone towards securing the IoT supply chain and ecosystem. As a FIDO Board Member and contributor to the FDO technical working group, we are actively exploring ways to incorporate FDO into our market-leading identity and access management and IoT security offerings.” — Salah Machani, Director, Engineering Technologist, RSA
About the FIDO Alliance
The FIDO (Fast IDentity Online) Alliance, www.fidoalliance.org, was formed in July 2012 to address the lack of interoperability among strong authentication technologies, and remedy the problems users face with creating and remembering multiple usernames and passwords. The FIDO Alliance is changing the nature of authentication with standards for simpler, stronger authentication that define an open, scalable, interoperable set of mechanisms that reduce reliance on passwords. FIDO Authentication is stronger, private, and easier to use when authenticating to online services.